The Data Protection Directive forbids the transfer of personal data to countries without equivalent privacy protection, including the US. A Safe Harbor scheme was introduced last year to provide a loophole for US firms. It sets out a number of principles with which US businesses must comply if they want to receive personal data on European citizens from businesses operating in the EU. Voluntary compliance, monitored by the US Federal Trade Commission, allows, for example, the exchange of customer details from their European offices or subsidiaries.
However, financial services firms are excluded from the Safe Harbor provisions because they compromise the strength of EU data protection rules. Instead, financial services firms will be expected to comply with the stricter terms in the proposed “standard clause” rules – to which the US Treasury and Commerce Departments objected. In practical terms, US banks with a European presence must get consent any European customer before they can transfer that customer’s details to the US.
According to ZDNet UK, John Mogg, the director general of the European Commission’s internal market directorate, has told the US that the model contract plan will go ahead.